Service Meshes on Kubernetes: Istio, Linkerd, SuperGloo

Quick note: there’s a lot going on in the Service Mesh space for Kubernetes.

Istio (based on Envoy) is the elephant in the room with a ton of funding.

But there’s also Linkerd and SuperGloo.

And a recent announcement from AWS: AWS App Mesh.


Great summary of Istio:

Generally traffic is defined as north/south (into and out of the datacenter) or east/west (between servers in the datacenter).

Istio is for east/west traffic within your K8S cluster, designed to connect your services together by moving all the network traffic through the Envoy proxy. It is usually done by wrapping your deployments with an extra sidecar pod (automatically using K8S APIs) that intercepts all the networking to other services and pods. You would still use a load balancer or ingress to route external traffic into the cluster, although there are options like Heptio Contour that also use Envoy for this.

This provides a single data and control plane to centralize all network reliability, security, service discovery, and monitoring.

Note: Istio uses an extended version of the Envoy proxy:
Istio provides:
  • Dynamic service discovery
  • Load balancing
  • TLS termination
  • HTTP/2 and gRPC proxies
  • Circuit breakers
  • Health checks
  • Staged rollouts with %-based traffic split
  • Fault injection
  • Rich metrics
And an interesting post about Service Meshes:

Fully automated canary deployments in Kubernetes

See here for a Hello World example using Codefresh.

and a manual Canary deployment:

which uses a bash script (``) with parameters.


Otherwise proceed to:

This webinar also shows with / without Istio and using Helm for deployments:




Spinnaker, Istio and Kubernetes

Spinnaker: is an open source CD platform


Istio: is an open source service mesh which reduces complexity of deployments

What’s a service mesh? It describes the network of microservices and the interactions between them.

Istio also does things like A/B testing, canary releases, rate limiting, access control and end-to-end authentication. But also provides behavioural insights and operational control over the service mesh.


However, I’m not reading great things about Istio. E.g.

Spinnaker and ISTIO from kubernetes